@pekrzyz I believe I must be getting something mixed up. As all HTTP functions created, run without permissions. Which means they are unable to query a database that is set to anything but public. So if I set a database to read/write members only, the backend itself no longer has access to this collection. You will always get a permissions error when attempting to do this.
I’ve read briefly you can set up CORS authentication but haven’t completed my research on this yet. I could create a backend web module as well, but I don’t think this actually runs on the server, it only imports modules to use in the front end.
Any help or insight you have on this topic is extremely useful.